CN1181560A - Apparatus for authenticating user and method therefor - Google Patents

Publication number: CN1181560A
Authority: CN (China)
Prior art keywords: password, card, random number, terminal, key
Legal status: Granted; Expired - Fee Related
Application number: CN97120040A
Other languages: Chinese (zh)
Other versions: CN1197030C (en)
Inventors: 柳周烈, 郑镐硕, 文焞一
Current Assignee: Samsung Electronics Co Ltd
Original Assignee: Samsung Electronics Co Ltd

Classifications

    • G06F15/00 Digital computers in general; Data processing equipment in general
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/12 Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W12/069 Authentication using certificates or pre-shared keys

Abstract

An apparatus for authenticating a user includes an integrated circuit (IC) card for storing a secret key for generating a one time password and also storing predetermined random numbers. A terminal includes a card receiver for receiving the IC card, a random number memory for reading and storing, and then deleting the random numbers of the IC card, a first password generator for generating a one time password using the secret key of the IC card and one of the random numbers, a first random number changer for changing the random number stored in the random number memory in a predetermined way and storing the changed value, and a display for displaying the password. A server receives the password and compares it with one which it generates from stored values in a similar way, for verification. It is possible to raise the security level by using a one time password in which a different password is used each time a user is authenticated, and to save costs by generating a one time password for each of various services with a single terminal.

Description

Apparatus for authenticating a user and method therefor
The present invention relates to a user authentication system, and more particularly to an apparatus and a method for authenticating a user by means of a portable terminal and an integrated circuit (IC) card, which can show the account balance and transaction records of electronic money and can also generate a one-time password.
With the development of computers and communications, the spread of computer networks, and the development of IC cards with storage and computing capability, many applications have emerged and brought people much convenience. Electronic money, one application of the IC card, should be able to show the account balance and the transaction records of the electronic money.
A user can also handle the money in his or her account without going to a bank, and can deal with many matters conveniently from home by connecting to a remote computer. In this case a service provider, such as a bank or a network service provider, must confirm whether the user requesting a service is a legitimate user. If someone pretending to be a legitimate user succeeds because the user authentication system is weak, privacy is invaded and mental and material damage results. In particular, when a user requests a service remotely, the service provider needs a method of confirming the user's identity without meeting the user.
To authenticate a user's identity, one can use something only the user knows, something only the user possesses, or a physical characteristic or habit unique to the user. The most basic and most common method of authenticating a user's identity is the password. In the password method, the user is authenticated by confirming something only the user knows. That is, a user requesting a service chooses a password known only to him or her and registers it with the service provider (server). The user usually uses a string of several digits or letters as the password. When a user who wishes to be authenticated transmits the password to the server, the server compares the transmitted password with the initially registered password and authenticates the user.
For more secure authentication, a one-time password is recommended, in which the password changes each time the user wishes to be authenticated. In this method, because the password changes every time the user wishes to be authenticated, an unauthorized person cannot reuse a password that he or she has found out. To authenticate with a one-time password, a device for generating one-time passwords is needed. If each user generates one-time passwords with his or her own terminal, security increases, because what only the user knows and what only the user possesses are confirmed at the same time.
A one-time password, unlike an ordinary password, requires a variable that changes every time in order to produce a different password each time. For this purpose, a method using a real time clock (RTC) and a challenge/response method using random numbers are used.
In the authentication method that uses the RTC as the variable, the user's terminal is synchronized with the service provider's server. That is, when the user wishes to be authenticated, the user is authenticated by comparing the one-time password generated according to the time in the terminal with the password generated by the server at the same time.
In the challenge/response method using random numbers, random numbers produced by a random number generator are used to generate the one-time password. When authentication begins, the server generates random numbers and transmits them to the user. The terminal encrypts these random numbers with a secret key shared with the server, generates a one-time password and transmits it to the server. The server generates a password using the same secret key shared with the terminal and the same random numbers that it transmitted, and authenticates the user by comparing this password with the one generated by the terminal.
However, the password method described above, currently the most widely used user authentication method, has many problems. A password made of several digits or letters based on personal information such as a telephone number, date of birth or ID number is easily found out by others. When the user writes the password down somewhere so as not to forget it, it is easily found by others. When a user requesting a service remotely transmits his or her password over a telephone line or a network in order to be authenticated, the password is easily exposed to others by wiretapping.
In the authentication method using the RTC, the time of the user's terminal must be synchronized with the time of the service provider's server in order to generate the one-time password and authenticate the user. If the terminal loses synchronization with the server as time passes, even a legitimate user cannot be authenticated, because the password generated by the terminal differs from the password generated by the server. A special device is needed to synchronize the terminal and the server. Therefore, when a one-time password is used to strengthen user authentication in a conventional application service, a special server is needed to synchronize the time of the terminal with the time of the server, which imposes a large cost on the service provider. In addition, because the variable used in the terminal to generate the password is the real time clock, a terminal can generate one-time passwords for only one service. When the user needs several application services, each service requires a separate terminal.
In the challenge/response method using random numbers, the random numbers transmitted by the server must be input to the terminal in order to generate the one-time password. The terminal must therefore contain an input device. In addition, because a process is needed in which the server transmits the random numbers to the user and the user inputs them into the terminal, the method takes a long time and is inconvenient for the user. Furthermore, the method cannot be used when the server cannot transmit random numbers to the user.
An object of the present invention is to provide an apparatus for authenticating a user cheaply and securely, using a portable terminal and an IC card, which can show the account balance and transaction records of electronic money and can generate a one-time password.
To achieve the above object, there is provided an apparatus for authenticating a user, comprising an integrated circuit (IC) card that stores a secret key for generating a one-time password and predetermined random numbers, a terminal that generates a one-time password using the IC card as input, and a server that verifies the one-time password generated by the terminal. The terminal comprises: a card receiver for receiving and interfacing with the IC card and determining whether the IC card is being inserted for the first time; a random number memory for reading, storing and then deleting the random numbers of the IC card when the IC card is inserted into the card receiver for the first time; a first password generator for generating a one-time password by reading the secret key of the IC card and the random number stored in the random number memory; a first random number changer for changing the random number stored in the random number memory to a predetermined value when the first password generator generates a one-time password, and storing the changed value in the random number memory; and a display for showing the results of the terminal and the server. The server comprises: a key memory that stores a secret key and a predetermined random number identical to those initially stored in the IC card; a second password generator for reading the secret key and the predetermined random number stored in the key memory and generating a one-time password by the same method as the terminal; a second random number changer for changing the random number stored in the key memory to the same value as the random number changer of the terminal when the second password generator generates a one-time password, and storing the changed value in the key memory; a password receiver for receiving the one-time password generated by the terminal over a telephone line or a network; and a password verifier for checking whether the received password is identical to the generated password.
The IC card further comprises a card access key memory, which has a public area to which access is allowed unconditionally and a private area that requires a card access key for access from outside, and which securely stores the card access key required to access the private area; and a card access checker that determines whether to allow access to internal information by comparing a card access key input from outside with the card access key stored in the card access key memory. When the IC card is inserted into the card receiver for the first time, the random number memory of the terminal reads the card access key and the random numbers of the IC card, stores them, and deletes the random numbers and the card access key from the public area of the IC card.
The first password generator of the terminal comprises: a symmetric key encryption part, which reads the secret key of the IC card and the random number of the random number memory and generates a cipher using a symmetric key encryption algorithm; a hash function part, which transforms the cipher generated by the symmetric key encryption part with a one-way hash function to prevent the secret key from being traced back; and a format converter, which converts the output of the hash function part into a predetermined format. The second password generator of the server comprises: a symmetric key encryption part, which reads the secret key and the random number stored in the key memory and generates a cipher using a symmetric key encryption algorithm; a hash function part, which uses a one-way hash function to prevent the cipher generated by the symmetric key encryption part from being traced back; and a format converter, which converts the output of the hash function part into a predetermined format.
To achieve the above object, there is also provided a method of authenticating a user with a user authentication apparatus comprising an IC card that stores a predetermined random number and a secret key for generating a one-time password, a terminal that generates a one-time password using the IC card as input, and a server that stores a secret key and a random number identical to those of the IC card and verifies the one-time password generated by the terminal. The method comprises the steps of: inserting the IC card into the terminal; determining whether the IC card is being inserted for the first time; initializing the service and generating a one-time password when the IC card is inserted for the first time, and generating a one-time password when the IC card has been inserted before; and receiving the one-time password generated by the terminal through a predetermined communication medium and verifying it. In the password generation step, initializing the service comprises: reading the random number of the IC card and storing it in the terminal; and deleting the random number from the IC card. In the password generation step, generating the one-time password comprises: reading the secret key of the IC card and the random number stored in the terminal; executing a symmetric key encryption algorithm with the secret key and the random number as input; applying a one-way hash function to the output value of the symmetric key encryption algorithm; changing the random number to a predetermined value and storing it in the terminal; and converting the output of the one-way hash function to a predetermined format. The verification step comprises: receiving the one-time password generated by the terminal through the predetermined communication medium; reading the secret key and the random number stored in the server; executing the symmetric key encryption algorithm with the secret key and the random number as input; applying the one-way hash function to the output value of the symmetric key encryption algorithm; changing the random number to a predetermined value and storing it in the terminal; converting the output of the one-way hash function to the predetermined format; and authenticating the user if the result in the predetermined format is identical to the received one-time password, and not authenticating the user if it differs.
When the IC card has a private and a public memory area and holds the card access key required to access the private area, initializing the service in the password generation step comprises: reading the random number and the card access key, which allows access to the private area, from the public area of the IC card and storing them in the terminal; and deleting the random number and the card access key from the public area of the IC card. Reading the secret key of the IC card in the password generation step comprises: inputting the card access key stored in the terminal to the IC card; checking whether the card access key input to the IC card is identical to the card access key in the private area of the IC card and, if so, allowing access to the card; and reading the secret key of the IC card if access was allowed when the card access key was checked.
When the terminal and the server each contain a counter for synchronizing the terminal with the server, generating the one-time password in the password generation step comprises changing the random number and the counter value to predetermined values and storing them in the terminal. Generating the one-time password in the password generation step also comprises: inserting the counter value into the password bit stream produced by applying the one-way hash function to the output of the symmetric key encryption algorithm; and converting the password bit stream with the counter value inserted into a predetermined format. The receiving step of the verification step further comprises: extracting the counter value from the received one-time password; comparing the extracted counter value with the counter value in the server; and, when the counter values are not equal in the comparing step, making the counter values equal and changing the random number to the random number that corresponds to the counter value. The random number changing step of the verification step changes the random number to a predetermined value and stores it in the terminal. The conversion step of the verification step comprises: applying the one-way hash function and inserting the counter value into the output password bit stream; and converting the password value with the counter value inserted into a predetermined format.
The above objects and advantages of the present invention will become clearer from the following detailed description of a preferred embodiment with reference to the attached drawings.
Fig. 1 is a block diagram of the structure of an apparatus for authenticating a user according to the present invention;
Fig. 2 is a detailed block diagram of the first password generator;
Fig. 3 is a detailed block diagram of the second password generator;
Fig. 4 is a flowchart of the overall operation of the apparatus for authenticating a user according to the present invention;
Fig. 5 is a flowchart of the service initialization process;
Fig. 6 is a detailed flowchart of the generation of the one-time password in Fig. 4;
Fig. 7 is a flowchart of the process by which the service provider's server verifies the password transmitted by the user.
Hereinafter, the present invention is described in detail with reference to the attached drawings. Referring to Fig. 1, an apparatus for authenticating a user according to the present invention comprises an IC card 100 for securely storing and carrying secret information; a miniature portable terminal 120 for generating a one-time password to confirm the user's identity and for showing the account balance of electronic money; and a server 140 for verifying the one-time password generated by the terminal 120 and providing services.
The IC card 100 stores a secret key and predetermined random numbers for generating a one-time password. The IC card 100 comprises a public area 106 to which external access is allowed; a private area 108 that requires a card access key for external access; a card access key memory 102 that stores the card access key required to access the private area 108; and a card access checker 104 that compares a card access key input from outside with the card access key stored in the card access key memory 102 and determines whether to allow access to internal information (such as the private area). Because the storage capacity of the IC card 100 is much larger than that of a conventional magnetic card, the IC card 100 can serve as an ID card or as electronic money and can hold much information that the user cannot remember. In addition, because the card access key of the IC card 100 is required to read the data in the IC card, others cannot easily obtain the user's personal information even if the user loses the IC card.
The terminal 120 receives the IC card 100 and generates a one-time password. The terminal 120 comprises a card receiver 121, a random number memory 122, a first password generator 123, a first random number changer 124, a display 125, a query part 126, a counter memory 127 and a counter changer 128.
The card receiver 121 has a slot for receiving the IC card 100 and interfaces with the IC card 100. When the IC card 100 is first inserted into the card receiver 121, the random number memory 122 reads the random numbers stored in the IC card 100, stores them, and deletes them from the IC card 100.
The first password generator 123 reads the secret key of the IC card 100 and the random number stored in the random number memory 122 and generates a one-time password by a predetermined method. As shown in Fig. 2, the first password generator 123 comprises a symmetric key encryption part 200, a hash function part 210 and a first format conversion part 220. The symmetric key encryption part 200 reads the secret key of the IC card 100 and the random number stored in the random number memory 122 and generates a cipher using a symmetric key encryption algorithm. The hash function part 210 prevents an unauthorized person from tracing back the secret key and the random number by transforming the cipher generated by the symmetric key encryption part 200 with a one-way hash function. The first format conversion part 220 converts the password bit stream output from the hash function part 210 into a predetermined format that the user can read easily. The first format conversion part 220 comprises a counter inserter 222, which inserts the value of the counter memory 127 into the password bit stream, and a format converter 224, which converts the password bit stream output from the counter inserter 222 into the predetermined format that the user can read easily. The counter inserter 222 can additionally insert a protocol type selection (PTS) bit, which indicates the protocol among several algorithms for generating a one-time password. The format converter 224 preferably converts the binary bit stream into a decimal number that the user can read easily.
After the first password generator 123 has generated a one-time password, the first random number changer 124 changes the random number stored in the random number memory 122 to a predetermined value and stores the changed random number in the random number memory 122. The display 125 displays the password generated by the first password generator 123. An LCD is recommended as the display 125.
The query part 126 displays the account balance and transaction records of the IC card 100. The counter memory 127 stores a counter value used to synchronize the terminal 120 with the server 140. Whenever a one-time password is generated, the counter changer 128 changes the counter value to a predetermined value and stores the value in the counter memory 127.
The server 140 authenticates the one-time password generated by the terminal 120. The server 140 comprises a key memory 141, a second password generator 144, a second random number changer 143, a password receiver 142, a password verifier 147, a counter memory 145, a counter changer 146, a counter extractor 148 and a random number synchronizer 149.
The key memory 141 stores a key and a random number that are identical, respectively, to the key and the predetermined random number initially stored in the IC card 100.
The second password generator 144 reads the key and the random number stored in the key memory 141, and generates a one-time password by the same predetermined method as the terminal 120. As shown in Fig. 3, the second password generator 144 comprises a symmetric key encryption part 300, a hash function part 310 and a second format converting part 320. The symmetric key encryption part 300 reads the key and the random number stored in the key memory 141, and generates a cipher using a symmetric key encryption algorithm. The hash function part 310 converts the cipher generated by the symmetric key encryption part 300 with a one-way hash function, which prevents an unauthorized user from tracing back the key and the random number. The second format converting part 320 converts the password bit stream output from the hash function part 310 into a predetermined format. The second format converting part 320 comprises a counter inserter 322, which inserts the counter value of the counter memory 145 into the password bit stream, and a format converter 324, which converts the password bit stream output from the counter inserter 322 into the predetermined format that the user can easily read. The format converter 324 preferably converts the binary bit stream into a decimal number that the user can easily read.
The second random number changer 143 changes the random number in the key memory 141 to the same value as the first random number changer 124 of the terminal 120 does, and stores the changed value in the key memory 141 after the second password generator 144 has generated a one-time password. The password receiver 142 receives, through a telephone line or a predetermined network, the same one-time password as the one shown on the display 125 of the terminal 120.
The password verifier 147 checks whether the received password is identical to the generated password, and thereby verifies the one-time password. The counter memory 145 stores the counter value used to synchronize the terminal 120 with the server 140. Whenever a one-time password is generated, the counter changer 146 changes the counter value to a predetermined value and stores it in the counter memory 145.
The counter extractor 148 extracts the counter value from the one-time password received by the password receiver 142, and extracts the PTS when a PTS has been inserted by the counter inserter 222 of the terminal 120. The random number synchronizer 149 checks whether the counter value extracted by the counter extractor 148 matches the counter value of the server 140. If it does not, the random number synchronizer 149 generates a random number corresponding to the extracted counter value and inputs it to the symmetric key encryption part 300 of the server 140.
The operation of the user authentication apparatus according to the present invention, and the corresponding method, are described below. The present invention uses a one-time password that changes every time a user is authenticated. A key, a random number and a counter are used as the variables from which the one-time password is generated. The key, which is used by the symmetric key encryption algorithm as the secret value for encryption, is stored in each user's IC card 100. The random number, which makes each generated password different, is stored in the IC card, is transferred to and stored in the portable terminal 120 during service initialization, and is then deleted from the IC card. The counter that synchronizes the terminal 120 with the server 140 is kept in the terminal 120. The one-time password is generated with the random number and the counter kept in the terminal 120. When the user wishes to be authenticated by different servers, an IC card is needed for each server, but only one terminal is needed.
Including the counter value in the password during one-time password generation makes it possible to synchronize the terminal 120 with the server 140. The server 140 extracts the counter value from the password received from the user, synchronizes with the terminal, generates a password using the key and the random number it shares with the terminal, and checks whether the generated password matches the password received from the user. Even when only the terminal's counter has changed, for example because the user changed the counter value by accident while the server's counter did not change, the terminal and the server can easily be synchronized. In addition, the IC card can require that a card access key be presented before the information stored in the private area 108 of the card is read. Because only an authenticated user can read the private area of the card by means of the card access key, the user's personal information can be stored securely.
The operation of the present invention is now described in more detail. The user authentication apparatus according to the present invention has functions for querying the account balance and transaction details, initializing a service so that one-time passwords can be generated, generating a one-time password, and verifying the one-time password in the server.
Referring to Fig. 4, authenticating a user with a one-time password proceeds in three stages: initializing the service when the user inserts the IC card into the terminal to obtain a service (step 470), generating a one-time password in the terminal (step 430), and verifying the user's password in the server (step 450).
The user inserts the IC card for the service he or she wants into the card receiver 121 of the terminal 120 (step 400). The card receiver of the terminal 120 determines the type of the IC card, and checks whether the IC card 100 is being inserted for the first time or has been inserted before and already initialized (step 410). If the IC card is being inserted for the first time, the initialization process is performed (step 470). When an IC card that has already been initialized is inserted, it is determined whether a one-time password is to be generated (step 420). Normally, the process ends when only the account balance is queried (step 460). A user who wants to be authenticated operates the terminal to generate a one-time password (step 430). The terminal 120 presents to the IC card 100 the card access key it received during the initialization process, reads the secret value (the key of the symmetric encryption algorithm) from the card, and generates the one-time password (step 430). When the user transmits this result to the server 140 (step 440), the server 140 verifies it (step 450).
Fig. 5 shows the service initialization process (step 470) in detail. The service initialization process (step 470), performed after the user inserts the IC card 100 into the terminal 120 for the first time (step 400 of Fig. 4), transfers to the terminal the random number that is essential for authenticating the user and the card access key used to read the key stored in the private area of the user's IC card, both of which are stored in the public area of the IC card, and deletes the random number and the card access key from the public area. At this point, the terminal 120 determines that the IC card 100 has been inserted for the first time and performs the initialization process. The terminal 120 reads the random number and the card access key stored in the public area of the IC card 100 (step 510), stores them in the random number memory 122 of the terminal 120 (step 520), and deletes the random number and the card access key from the public area of the IC card 100 (step 530). Therefore, only the key remains, stored in the secure private area of the initialized IC card.
The information on the IC card that represents the account balance is open to everyone. The card access key is required to read the key stored in the private area, which is used for user authentication. Once the service initialization process has been performed, the key of the IC card can be read only by the terminal that performed the initialization. The user can generate one-time passwords for multiple services with a single terminal. The terminal allocates an independent storage space to each service, and the information required to authenticate the user for each service is stored in that space.
Fig. 6 shows in detail the operation of step 430 of Fig. 4, in which a one-time password is generated. The one-time password is generated from the key shared by the IC card 100 and the server 140 (the key of the symmetric key encryption algorithm) and the random number shared by the terminal 120 and the server 140. When the user inserts the IC card into the terminal (step 400 of Fig. 4) and instructs the terminal to generate a one-time password, the symmetric key encryption part 200 of the first password generator 123 of the terminal 120 reads the key from the IC card 100 and the random number and counter value from the random number memory 122 (step 610), generates a cipher from the values read using a symmetric key encryption algorithm (step 620), and the hash function part 210 computes a binary value from it with a one-way hash function (step 630). The one-way hash function prevents anyone attempting unauthorized access from using the resulting one-time password to find any information about the secret value.
Because the result of the one-way hash function cannot be used directly as the one-time password, it is converted by arithmetic processing (step 680). First, the binary result value, which is unfamiliar to the user, is converted into a decimal number that the user can handle easily. The one-time password in decimal form is shown on the display 125 (step 690). Because the binary number output by the one-way hash function is very large (for example, a binary number of more than 64 bits), it must be converted into a number of a size that can be shown on the terminal display 125 (for example, a binary number of about 26 bits when 8 decimal digits are used as the one-time password).
The conversion algorithm (step 680) uses the result value of the one-way hash function, the counter value and the protocol type selection (PTS). To synchronize the terminal 120 with the server 140, the counter inserter 222 inserts the PTS and the counter value N into the bit stream of the one-time password. For example, a 26-bit password can be divided into a region for the result of the one-way hash function, a region for the counter value N, and a PTS region. The PTS is needed when the server distinguishes among various algorithms for generating one-time passwords.
Each time a password is generated, the counter value N is decremented by one (step 650), and whether the decremented value is 0 is checked (step 640). When the value is 0, processing returns to the initial step. The random number is normally incremented by one and is re-initialized when N is 0. The random number read from the IC card during service initialization is used only to generate the first password; after the initial step, the random number is incremented by one each time a password is generated (step 650). When the counter value N is 0, a random number produced during password generation (for example, the result of the symmetric key encryption algorithm) is set as the initial value of the random number. Passwords are generated by incrementing the random number (step 650). A new random number is set when the counter value N is 0 (step 660). After a password has been generated, the random number RN and the counter value N are stored in the random number memory 122 (step 670).
Fig. 7 is a flowchart of the process by which the service provider's server 140 verifies the password transmitted by the user. The server 140 receives the one-time password transmitted by the user through the password receiver 142 (step 700). The server then extracts the counter value from the received data bit stream with the counter extractor 148 and synchronizes with the terminal 120. The server 140 generates a one-time password by the same method as the terminal, using the synchronized random number and the key (step 720). Because the process of generating the one-time password is identical to that in the terminal, its explanation is omitted. The generated one-time password is then compared with the one-time password produced by the user (step 730). If the two passwords match, the user's identity is authenticated (step 770).
If the password transmitted by the user does not match the password generated by the server 140, either an unauthorized person is attempting to use the card, or the user's terminal 120 is not synchronized with the server 140. If a one-time password transmitted by a legitimate user does not match the password generated by the server 140, either the user has made a mistake or the counter value of the terminal 120 does not agree with the counter value of the server 140. That is, even if the counter value of the terminal 120 agrees with the counter value of the server 140, when the two counters are in different periods of N the random numbers differ, and so the passwords may also differ. To compensate for this, the server 140 advances the counter value and the random number, calculates passwords, and compares them with the password transmitted by the user in units of the counter period. To calculate the password N generations later, the server 140 does not need to calculate all N passwords. Because the only additional calculation required is the one that sets a new random number when N is 0, a large amount of computation is unnecessary (step 760). When the password after N passwords does not match the password transmitted by the user, the password after the next N passwords must be calculated. If necessary, the number of times this process is repeated can be set (step 740). If the password transmitted by the user does not match the server's password within the specified limit, the server judges the request to be an attempt by an unauthorized person and denies service (step 750).
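The generation flow of Fig. 6 and the counter-based resynchronization of Fig. 7, as an added sketch that is not part of the patent text. XTEA stands in for the unspecified symmetric key algorithm and SHA-256 for the one-way hash; the 18/6/2 bit split of the 26-bit password, `N_MAX`, `max_periods` and all function and class names are assumptions.

```python
import hashlib
import hmac
import struct

HASH_BITS, CTR_BITS, PTS_BITS = 18, 6, 2   # assumed split of the 26-bit password
N_MAX = (1 << CTR_BITS) - 1                # assumed period: N counts 63, 62, ..., 1
PTS = 0                                    # only one generation algorithm here
MASK32, MASK64 = 0xFFFFFFFF, (1 << 64) - 1


def xtea_encrypt(key: bytes, block: bytes) -> bytes:
    """XTEA (128-bit key, 64-bit block), standing in for the symmetric cipher."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    total = 0
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (total + k[total & 3]))) & MASK32
        total = (total + 0x9E3779B9) & MASK32
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (total + k[(total >> 11) & 3]))) & MASK32
    return struct.pack(">2I", v0, v1)


def step(key: bytes, rn: int, n: int):
    """Steps 610-690: return (password, next_rn, next_n) for state (rn, n)."""
    cipher = xtea_encrypt(key, struct.pack(">Q", rn))            # step 620
    digest = hashlib.sha256(cipher).digest()                     # step 630
    h = int.from_bytes(digest[:4], "big") >> (32 - HASH_BITS)
    bits = (h << (CTR_BITS + PTS_BITS)) | (n << PTS_BITS) | PTS  # insert N and PTS
    password = f"{bits:08d}"                                     # 26 bits -> 8 digits
    n -= 1
    if n == 0:                       # period over: cipher result seeds the next one
        return password, int.from_bytes(cipher, "big"), N_MAX
    return password, (rn + 1) & MASK64, n


def advance(key: bytes, rn: int, n: int, target_n: int):
    """Move (rn, n) forward to the next state whose counter equals target_n.

    Inside a period this is one addition; crossing a period boundary costs a
    single encryption, so skipped passwords are never computed.
    """
    if target_n > n:                                  # target lies in the next period
        last_rn = (rn + n - 1) & MASK64               # state that carries counter 1
        rn = int.from_bytes(xtea_encrypt(key, struct.pack(">Q", last_rn)), "big")
        n = N_MAX
    return (rn + n - target_n) & MASK64, target_n


class Terminal:
    """Holds the random number and counter; the key is read from the IC card."""

    def __init__(self, card_key: bytes, card_rn: int):
        self.key, self.rn, self.n = card_key, card_rn, N_MAX

    def generate(self) -> str:
        password, self.rn, self.n = step(self.key, self.rn, self.n)
        return password


class Server:
    def __init__(self, key: bytes, rn: int, max_periods: int = 3):
        self.key, self.rn, self.n, self.max_periods = key, rn, N_MAX, max_periods

    def verify(self, password: str) -> bool:
        """Steps 700-770: resynchronize on the embedded counter, then compare."""
        if len(password) != 8 or not (password.isascii() and password.isdigit()):
            return False
        bits = int(password)
        recv_n = (bits >> PTS_BITS) & N_MAX           # counter extractor
        if bits >> 26 or recv_n == 0:
            return False
        rn, n = self.rn, self.n
        for _ in range(self.max_periods):             # bounded retries (step 740)
            rn, n = advance(self.key, rn, n, recv_n)
            expected, rn, n = step(self.key, rn, n)
            if hmac.compare_digest(expected, password):
                self.rn, self.n = rn, n               # commit only on success
                return True
        return False                                  # step 750: deny service
```

A failed `verify` leaves the server state untouched, so a wrong or replayed password cannot push the server out of step with the terminal.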
As described above, where only the user's IC card 100 and portable terminal 120 are used, the security level can be raised by additionally using a password memorized by the user for authentication. If the user loses the IC card 100 and the terminal 120, a person who knows the user's personal information could be authenticated by obtaining them. Adding to this authentication system a process that verifies a password memorized by the user gives more secure user authentication. That is, to be confirmed as a legitimate user, the user must have the password that only the user remembers, the IC card that only the user owns, and the portable terminal that generates the one-time password.
As described above, the user uses the terminal to generate one-time passwords. The terminal holds a key that is unique to each user and is used to generate different one-time passwords. This key must also be held in the server so that the one-time password transmitted by the user can be verified. The key can be inserted into the terminal by the factory at manufacture. However, it is recommended that the key be inserted into the terminal only after a service provider has registered the user of the terminal. The service provider generates a key for the terminal, inserts it into the terminal through the IC card, and registers it in the server.
With this approach, no extra process of inserting a key is needed when the terminal is manufactured. Therefore, productivity can be improved when terminals are mass-produced in a factory. In addition, the key used for user authentication is known only to the service provider, so it is secure and is not disclosed. Here, the terminal manufacturer or the service provider configures the terminal before providing it to the user.
In the present invention, the security level is improved by using a one-time password that changes every time a user is authenticated.
In the present invention, a correct one-time password is generated only when the IC card 100 owned by the user and the terminal 120 owned by the user match, so the security level is far higher than that of conventional user authentication methods: even if an unauthorized user obtains the terminal or the IC card of a legitimate user, he or she cannot generate a correct password. In addition, because a process that verifies a password memorized only by the user is added to the user authentication process, the password, the IC card, and the terminal that generates the user's password are the basic conditions for confirming a legitimate user.
In the present invention, because the user generates one-time passwords using his or her IC card and portable terminal, and a card access key is set for reading the information stored in the IC card, which holds the user's personal information, exposure of personal information is prevented and a single terminal can generate one-time passwords for multiple services.
Because it adopts a random number for generating one-time passwords and a counter for synchronizing the user's terminal with the service provider's server, the present invention is easy to implement as software in a conventional user authentication system. Therefore, user authentication can be strengthened cost-effectively without additional expense for the service provider.
The user authentication apparatus and method of the present invention can be used wherever a user needs to be authenticated, such as telephone banking, home shopping and banking using a PC, and paid PC communication and network services. In particular, the user does not need to visit the service provider in person to register for a service. The user applies to a service provider for a service, receives an IC card from the service provider by mail, obtains a terminal from a shop, and is then authenticated securely. This is very convenient when it is difficult for the user to visit the service provider. In addition, the service provider does not need to meet many users in person to handle a large volume of issuing and receiving work.
The terminal used in the present invention can generate one-time passwords and display the account balance and transaction records of electronic money in a general-purpose IC card. Considering that the use of electronic money will soon become widespread, the terminal of the present invention is very useful.

Claims (12)

1. An apparatus for authenticating a user, comprising:
an integrated circuit (IC) card for storing a key for generating a one-time password and a predetermined random number;
a terminal for generating a one-time password using the IC card as an input; and
a server for authenticating the one-time password generated by the terminal,
wherein the terminal comprises:
a card receiver for receiving and interfacing with the IC card, and for determining whether the IC card is being input for the first time;
a random number memory for reading and storing the random number in the IC card, and then deleting it from the IC card, when the IC card is inserted into the card receiver for the first time;
a first password generator for generating a one-time password by reading the key stored in the IC card and the random number stored in the random number memory;
a first random number changer for changing the random number stored in the random number memory to a predetermined value when a one-time password is generated by the first password generator, and storing the changed value in the random number memory; and
a display for displaying results of the terminal and the server, and
wherein the server comprises:
a key memory for storing a key and a predetermined value identical to the key and the predetermined value initially stored in the IC card;
a second password generator for reading the key and the random number stored in the key memory, and generating a one-time password by the same method as that used by the terminal;
a second random number changer for changing the random number stored in the key memory to a value identical to that of the random number changer in the terminal when a one-time password is generated by the second password generator, and storing the changed value in the key memory;
a password receiver for receiving the one-time password generated by the terminal through a telephone line or a network; and
a password verifier for verifying whether the received password is identical to the generated password.
2. The apparatus for authenticating a user as claimed in claim 1, wherein the IC card is used as an ID card and electronic money, and securely stores a password value for authenticating a user.
3. The apparatus for authenticating a user as claimed in claim 1, wherein the key of the terminal is initially inserted into the terminal by a service provider during user registration.
4. The apparatus for authenticating a user as claimed in claim 1, wherein the IC card further comprises:
a card access key memory containing a public area to which access is unconditionally allowed and a private area that requires a card access key before access from outside is allowed, for securely storing the card access key required to access the private area; and
a card access arbiter for judging whether to allow access to internal information by comparing the card access key input from outside with the card access key stored in the card access key memory, and
wherein, when the IC card is inserted into the card receiver for the first time, the random number memory of the terminal reads the random number and the card access key of the IC card, stores them, and deletes the random number and the card access key from the public area of the IC card.
5. The apparatus for authenticating a user as claimed in claim 1, wherein the terminal further comprises a query part for querying the account balance and transaction records in the IC card.
6. The apparatus for authenticating a user as claimed in claim 4, wherein the first password generator of the terminal comprises:
a symmetric key encryption part for reading the key of the IC card and the random number of the random number memory, and generating a cipher using a symmetric key encryption algorithm;
a hash function part for converting the cipher generated by the symmetric key encryption part using a one-way hash function, to prevent reverse tracing of the key; and
a format converter for converting the password output from the hash function part into a predetermined format, and
wherein the second password generator of the server comprises:
a symmetric key encryption part for reading the key and the random number stored in the key memory, and generating a cipher using a symmetric key encryption algorithm;
a hash function part for preventing, by means of a one-way hash function, reverse tracing of the key from the output of the symmetric key encryption part; and
a format converter for converting the password output from the hash function part into a predetermined format.
7. The apparatus for authenticating a user as claimed in claim 6, wherein the terminal and the server each further comprise:
a counter memory for storing a counter value used to synchronize the terminal with the server; and
a counter changer for changing the counter value to a predetermined value whenever a one-time password is generated, and storing the new value in the counter memory,
wherein the format converter of the first password generator and the format converter of the second password generator each further comprise a counter inserter for inserting the counter value of the counter memory into the password bit stream output from the hash function part, and
wherein the server further comprises:
a counter extractor for extracting a counter value from the one-time password received by the password receiver; and
a random number synchronizer for generating, when the counter value extracted by the counter extractor does not match the counter value of the server, a random number corresponding to the extracted counter value, and inputting it to the symmetric key encryption part of the server.
8. The apparatus for authenticating a user as claimed in claim 7, wherein the format converter converts a binary number into a decimal number.
9. The apparatus for authenticating a user as claimed in claim 7, wherein the counter inserters of the terminal and the server each additionally insert a protocol type selection (PTS) bit indicating the protocol among more than one algorithm for generating one-time passwords, the counter extractor of the server also extracts the PTS bit, and the first and second password generators generate the one-time password using a one-time password generation algorithm selected according to the information of the PTS.
10. A method of authenticating a user using a user authentication apparatus comprising an IC card for storing a predetermined random number and a key for generating a one-time password, a terminal for generating a one-time password using the IC card as an input, and a server for storing a key and a random number identical to the key and the random number of the IC card and for authenticating the one-time password generated by the terminal, the user authentication method comprising the steps of:
inserting the IC card into the terminal;
determining whether the IC card is being inserted into the terminal for the first time;
initializing a predetermined service and generating a one-time password when the IC card is inserted for the first time, and generating a one-time password when the IC card is not inserted for the first time; and
receiving the one-time password generated by the terminal through a predetermined communication medium, and verifying the one-time password,
wherein, in the password generating step, the step of initializing a service comprises the steps of:
reading the random number in the IC card and storing it in the terminal; and
deleting the random number from the IC card,
wherein, in the password generating step, the step of generating a one-time password comprises the steps of:
(a) reading the key of the IC card and the random number stored in the terminal;
(b) performing a symmetric key encryption algorithm with the key and the random number as inputs;
(c) performing a one-way hash function on the value output from the symmetric key encryption algorithm;
(d) changing the random number to a predetermined value and storing it in the terminal; and
(e) converting the output of the one-way hash function into a predetermined format, and
wherein the verifying step comprises the steps of:
receiving the one-time password generated by the terminal through a predetermined communication medium;
reading the key and the random number stored in the server;
performing a symmetric key encryption algorithm with the key and the random number as inputs;
performing a one-way hash function on the value output from the symmetric key encryption algorithm;
changing the random number to a predetermined value and storing it in the terminal;
converting the output of the one-way hash function into a predetermined format; and
authenticating the user if the predetermined format is identical to the received one-time password, and not authenticating the user if they differ.
11. The method of authenticating a user as claimed in claim 10, wherein, when the IC card further comprises a card access key required to access a private area, the step of initializing a service in the password generating step comprises the steps of:
reading, from the public area of the IC card, the random number and a card access key for allowing access to the private area, and storing them in the terminal; and
deleting the random number and the card access key from the public area of the IC card, and
wherein the step (a) of reading the key of the IC card in the password generating step comprises the steps of:
inputting the card access key stored in the terminal to the IC card;
checking whether the card access key input to the IC card is identical to the card access key in the private area of the IC card, and allowing access to the card if they are identical; and
reading the key of the IC card when access is allowed in the step of checking the card access key.
12. method as the user of discriminating of claim 11, when each also contains counter with terminal and server sync when described terminal and described server, wherein disposable described step (d) that accesses to your password of generation contains the step during described password produces step: described random number and described Counter Value are become predetermined value, and deposit them in terminal
Wherein disposable described step (e) that accesses to your password of generation contains the step during described password produces step:
Described Counter Value is inserted the password bit stream that a value according to described symmetric key encryption algorithm output is carried out the generation of described step (c) of an assorted function in unidirectional Kazakhstan; With
The password bit stream that described Counter Value is inserted wherein transfers a predetermined format to,
The described reception step in wherein said confirmation step also contains the step:
From disposable the accessing to your password that receives, extract a Counter Value;
The Counter Value that will extract in the described extraction step is compared with the Counter Value of described server; With
In described comparison step, under the unequal situation of Counter Value, the Counter Value of described counter is equated, and described random number is become one and the corresponding random number of described Counter Value,
The described step of the described random number of change in wherein said confirmation step be used for described random number become a predetermined value and with it deposit in terminal and
The conversion step in described confirmation step contains the step:
Carry out the assorted function in described unidirectional Kazakhstan and described Counter Value is inserted the output password bit stream; With
The password value that described Counter Value is inserted wherein becomes a predetermined format.
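The following Python example is added here and is not part of the patent text. It models the generation and confirmation steps of claims 10 and 12, including counter resynchronization after lost passwords. Assumptions: XTEA stands in for the unnamed symmetric key encryption algorithm, SHA-256 for the one-way hash function, the "predetermined value" change is an increment by 1, the counter fills the first two decimal digits of an eight-digit password, and the server accepts only counters less than 10 steps ahead and commits its state only after a match, so a replayed password fails.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF
STEP = 1              # assumption: "predetermined value" change = increment by 1
COUNTER_DIGITS = 2    # assumption: counter fills the first two decimal digits
HASH_DIGITS = 6       # assumption: six decimal digits taken from the hash
COUNTER_MOD = 10 ** COUNTER_DIGITS


def xtea_encrypt_block(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """Encrypt one 8-byte block with XTEA (stand-in for the claim's cipher)."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    total, delta = 0, 0x9E3779B9
    for _ in range(rounds):
        mix = ((((v1 << 4) & MASK32) ^ (v1 >> 5)) + v1) & MASK32
        v0 = (v0 + (mix ^ ((total + k[total & 3]) & MASK32))) & MASK32
        total = (total + delta) & MASK32
        mix = ((((v0 << 4) & MASK32) ^ (v0 >> 5)) + v0) & MASK32
        v1 = (v1 + (mix ^ ((total + k[(total >> 11) & 3]) & MASK32))) & MASK32
    return struct.pack(">2I", v0, v1)


def one_time_password(key: bytes, random_number: int, counter: int) -> str:
    """Encrypt the random number, hash the result, insert the counter, format."""
    cipher_out = xtea_encrypt_block(key, struct.pack(">Q", random_number & MASK64))
    digest = hashlib.sha256(cipher_out).digest()
    code = int.from_bytes(digest[:4], "big") % 10 ** HASH_DIGITS
    return f"{counter % COUNTER_MOD:0{COUNTER_DIGITS}d}{code:0{HASH_DIGITS}d}"


class Terminal:
    """Holds the key and random number read from the IC card, plus the counter."""

    def __init__(self, key: bytes, random_number: int):
        self.key, self.random_number, self.counter = key, random_number, 0

    def generate(self) -> str:
        otp = one_time_password(self.key, self.random_number, self.counter)
        # Step (d): change random number and counter, then store them.
        self.random_number = (self.random_number + STEP) & MASK64
        self.counter = (self.counter + 1) % COUNTER_MOD
        return otp


class Server:
    """Confirmation side: same key and random number, resynchronized by counter."""

    def __init__(self, key: bytes, random_number: int, window: int = 10):
        self.key, self.random_number, self.counter = key, random_number, 0
        self.window = window  # assumption: how far ahead the terminal may run

    def verify(self, otp: str) -> bool:
        if len(otp) != COUNTER_DIGITS + HASH_DIGITS:
            return False
        if not (otp.isascii() and otp.isdigit()):
            return False
        received = int(otp[:COUNTER_DIGITS])
        ahead = (received - self.counter) % COUNTER_MOD
        if ahead >= self.window:
            return False  # stale (replayed) counter or implausibly far ahead
        # Resynchronize: random number corresponding to the received counter.
        candidate = (self.random_number + ahead * STEP) & MASK64
        expected = one_time_password(self.key, candidate, received)
        if not hmac.compare_digest(expected, otp):
            return False  # state is left untouched on failure
        self.random_number = (candidate + STEP) & MASK64
        self.counter = (received + 1) % COUNTER_MOD
        return True


if __name__ == "__main__":
    demo_key = bytes(range(16))          # constructed sample key
    card_random = 12345                  # constructed sample random number
    terminal, server = Terminal(demo_key, card_random), Server(demo_key, card_random)
    first = terminal.generate()
    print(first, server.verify(first), server.verify(first))  # accept, then reject replay
    terminal.generate()                  # password generated but never submitted
    later = terminal.generate()
    print(later, server.verify(later))   # server resynchronizes on the counter
```
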
CNB971200408A 1996-10-05 1997-10-05 Apparatus for authenticating user and method therefor Expired - Fee Related CN1197030C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
KR44125/96 1996-10-05
KR44125/1996 1996-10-05
KR1019960044125A KR100213188B1 (en) 1996-10-05 1996-10-05 Apparatus and method for user authentication

Publications (2)

Publication Number Publication Date
CN1181560A (en) 1998-05-13
CN1197030C (en) 2005-04-13

Family

ID=19476333

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB971200408A Expired - Fee Related CN1197030C (en) 1996-10-05 1997-10-05 Apparatus for authenticating user and method therefor

Country Status (7)

Country Link
US (1) US6067621A (en)
JP (1) JPH10171909A (en)
KR (1) KR100213188B1 (en)
CN (1) CN1197030C (en)
DE (1) DE19744106B4 (en)
FR (1) FR2754411B1 (en)
GB (1) GB2317983B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005041481A1 (en) * 2003-10-29 2005-05-06 Hui Lin A method of internet clearance security certification and ic card certification hardware
WO2005041480A1 (en) * 2003-10-29 2005-05-06 Hui Lin A method of mail server landing security certification and ic card certification hardware
CN100343830C (en) * 1998-07-16 2007-10-17 索尼公司 Data storage equipment and data storage method
CN100352172C (en) * 2001-10-24 2007-11-28 中兴通讯股份有限公司 Method of implementing two kind hand set compatible right discrimination mode in personal hand set system
CN101273378A (en) * 2005-08-11 2008-09-24 维萨国际服务协会 Method and system for performing two factor mutual authentication
CN100432889C (en) * 2003-09-12 2008-11-12 Rsa安全公司 System and method providing disconnected authentication
CN1961523B (en) * 2004-02-23 2010-04-14 弗里塞恩公司 Token provision
CN1417741B (en) * 2001-11-03 2011-05-11 李灵 Two-way enciphering magnetic card anti-fake method
CN101394411B (en) * 2008-11-12 2011-08-17 北京飞天诚信科技有限公司 Safe packet transmission system and method
CN103475463A (en) * 2013-08-19 2013-12-25 华为技术有限公司 Encryption realization method and apparatus
CN102272768B (en) * 2009-01-05 2015-07-08 飞思卡尔半导体公司 Method, system and integrated circuit for enabling access to a memory element

Families Citing this family (267)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH1139260A (en) * 1997-07-17 1999-02-12 Canon Inc User authenticating system, host computer, terminal device, authentication code generating method, recording medium
FR2779018B1 (en) * 1998-05-22 2000-08-18 Activcard TERMINAL AND SYSTEM FOR IMPLEMENTING SECURE ELECTRONIC TRANSACTIONS
US6044471A (en) 1998-06-04 2000-03-28 Z4 Technologies, Inc. Method and apparatus for securing software to reduce unauthorized use
US6986063B2 (en) * 1998-06-04 2006-01-10 Z4 Technologies, Inc. Method for monitoring software using encryption including digital signatures/certificates
US20040225894A1 (en) * 1998-06-04 2004-11-11 Z4 Technologies, Inc. Hardware based method for digital rights management including self activating/self authentication software
US20040117628A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Computer readable storage medium for enhancing license compliance of software/digital content including self-activating/self-authenticating software/digital content
US20040117644A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for reducing unauthorized use of software/digital content including self-activating/self-authenticating software/digital content
US20040117663A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for authentication of digital content used or accessed with secondary devices to reduce unauthorized use or distribution
US20040117664A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Apparatus for establishing a connectivity platform for digital rights management
US20040117631A1 (en) * 1998-06-04 2004-06-17 Z4 Technologies, Inc. Method for digital rights management including user/publisher connectivity interface
US20040107368A1 (en) * 1998-06-04 2004-06-03 Z4 Technologies, Inc. Method for digital rights management including self activating/self authentication software
US6665800B1 (en) * 1999-01-26 2003-12-16 Dell Usa, L.P. System and method for securing a computer system
AU2878800A (en) 1999-02-12 2000-08-29 Allen Freudenstein System and method for providing certification-related and other services
GB9905056D0 (en) 1999-03-05 1999-04-28 Hewlett Packard Co Computing apparatus & methods of operating computer apparatus
IL128720A (en) * 1999-02-25 2009-06-15 Cidway Technologies Ltd Method for certification of over the phone transactions
JP4219561B2 (en) * 1999-03-05 2009-02-04 ヒューレット・パッカード・カンパニー Smart card user interface for trusted computing platforms
US6721891B1 (en) * 1999-03-29 2004-04-13 Activcard Ireland Limited Method of distributing piracy protected computer software
CN1384945A (en) * 1999-05-25 2002-12-11 塞弗派澳大利亚有限公司 System for handling network transactions
US7631195B1 (en) * 2006-03-15 2009-12-08 Super Talent Electronics, Inc. System and method for providing security to a portable storage device
US7873837B1 (en) 2000-01-06 2011-01-18 Super Talent Electronics, Inc. Data security for electronic data flash card
JP3718382B2 (en) * 1999-08-27 2005-11-24 株式会社日立製作所 Method and system for managing information written to storage medium
US7085931B1 (en) * 1999-09-03 2006-08-01 Secure Computing Corporation Virtual smart card system and method
US20020029200A1 (en) 1999-09-10 2002-03-07 Charles Dulin System and method for providing certificate validation and other services
JP2003521763A (en) * 1999-09-24 2003-07-15 メアリー マッケンニー System and method for providing settlement service in electronic commerce
US7290142B1 (en) * 1999-09-28 2007-10-30 Thomas Licensing System and method for initializing a simple network management protocol (SNMP) agent
US9430769B2 (en) 1999-10-01 2016-08-30 Cardinalcommerce Corporation Secure and efficient payment processing system
US7742967B1 (en) 1999-10-01 2010-06-22 Cardinalcommerce Corporation Secure and efficient payment processing system
FI19992343A (en) * 1999-10-29 2001-04-30 Nokia Mobile Phones Ltd A method and arrangement for reliably identifying a user on a computer system
KR20000006796A (en) * 1999-11-03 2000-02-07 이병훈 Eletro-payment methods using handphone
KR20000017997A (en) * 2000-01-03 2000-04-06 고문규 System and method of user verification for electronic commerce using a wireless communication terminal
ATE319103T1 (en) * 2000-01-26 2006-03-15 Em Microelectronic Marin Sa METHOD FOR TESTING AN INTEGRATED CIRCUIT WITH CONFIDENTIAL SOFTWARE OR HARDWARE ELEMENTS
US6834270B1 (en) * 2000-02-28 2004-12-21 Carlo Pagani Secured financial transaction system using single use codes
JP2001308850A (en) * 2000-03-31 2001-11-02 Internatl Business Mach Corp <Ibm> Method and device for connecting to network by communication terminal device
KR100369535B1 (en) * 2000-04-07 2003-01-29 주식회사 디지털씨큐 Apparatus for memorizing log data through tele-communication and method there of
JP3456191B2 (en) * 2000-04-20 2003-10-14 日本電気株式会社 Mobile communication terminal
KR20090116813A (en) * 2000-04-24 2009-11-11 비자 인터내셔날 써비스 어쏘시에이션 Online payer authentication service
US20020040438A1 (en) * 2000-05-05 2002-04-04 Fisher David Landis Method to securely load and manage multiple applications on a conventional file system smart card
JP2001337925A (en) * 2000-05-25 2001-12-07 Nec Gumma Ltd User authentication device and business transaction system using it
US6970853B2 (en) * 2000-06-06 2005-11-29 Citibank, N.A. Method and system for strong, convenient authentication of a web user
FR2810139B1 (en) * 2000-06-08 2002-08-23 Bull Cp8 METHOD FOR SECURING THE PRE-INITIALIZATION PHASE OF AN ON-BOARD ELECTRONIC CHIP SYSTEM, ESPECIALLY A CHIP CARD, AND ON-BOARD SYSTEM IMPLEMENTING THE METHOD
FR2810481B1 (en) * 2000-06-20 2003-04-04 Gemplus Card Int CONTROL OF ACCESS TO A DATA PROCESSING MEANS
JP2002007932A (en) * 2000-06-21 2002-01-11 Nec Corp Data sale prompt settlement method and prepaid card
KR20020000961A (en) * 2000-06-23 2002-01-09 백영삼 A wireless authentication method using mobile telecommunication system
MXPA02011695A (en) * 2000-06-28 2004-02-12 Holdings Ltd G Transaction system with portable personal device for transaction identification and control.
KR20020004366A (en) * 2000-07-05 2002-01-16 구승엽 Electronic authentication system
AU2001286464A1 (en) * 2000-08-14 2002-02-25 Peter H. Gien System and method for secure smartcard issuance
WO2002032064A1 (en) * 2000-09-08 2002-04-18 Tallent Guy S System and method for providing authorization and other services
WO2002021409A1 (en) * 2000-09-08 2002-03-14 Tallent Guy S System and method for transparently providing certificate validation and other services within an electronic transaction
US7257839B2 (en) * 2000-09-26 2007-08-14 Nxp B.V. Calculation of identifier codes distributed among pan devices
JP2002117361A (en) * 2000-10-06 2002-04-19 Hitachi Ltd Electronic account settlement method and electronic account settlement system
AU2002239500A1 (en) * 2000-10-20 2002-06-03 Wave Systems Corporation Cryptographic data security system and method
KR100353731B1 (en) 2000-11-01 2002-09-28 (주)니트 젠 User authenticating system and method using one-time fingerprint template
AU2002226599A1 (en) * 2000-11-03 2002-05-15 Tomas Mulet Valles A method to carry out economic transactions through a telecommunications network
US20020141593A1 (en) * 2000-12-11 2002-10-03 Kurn David Michael Multiple cryptographic key linking scheme on a computer system
AU2002222194A1 (en) * 2000-12-14 2002-06-24 Assendon Limited An authentication system
KR100382880B1 (en) * 2000-12-28 2003-05-09 한컴씨큐어 주식회사 Authentication system and method using one-time password mechanism
JP2002259344A (en) * 2001-02-28 2002-09-13 Mitsubishi Electric Corp One-time password authentication system, portable telephone and user identification server
KR100553309B1 (en) * 2001-03-02 2006-02-20 송우아이엔티 주식회사 System and method for intermediating credit information, and storage media having program source thereof
AU2001258694A1 (en) * 2001-03-16 2002-10-03 G. Holdings Ltd. System and method for replacing identification data on a portable transaction device
FR2823398B1 (en) * 2001-04-04 2003-08-15 St Microelectronics Sa EXTRACTION OF PRIVATE DATA FOR AUTHENTICATION OF AN INTEGRATED CIRCUIT
KR20030097847A (en) * 2001-05-02 2003-12-31 시큐젠 코포레이션 Authenticating user on computer network for biometric information
KR20020090375A (en) * 2001-05-23 2002-12-05 안현기 card reading device, payment/authentication system using the card reading device
FR2825213B1 (en) * 2001-05-28 2004-01-16 Scrypto Systems USER AUTHENTICATION SYSTEM
FR2825873A1 (en) * 2001-06-11 2002-12-13 St Microelectronics Sa PROTECTED STORAGE OF DATA IN AN INTEGRATED CIRCUIT
US8001054B1 (en) * 2001-07-10 2011-08-16 American Express Travel Related Services Company, Inc. System and method for generating an unpredictable number using a seeded algorithm
KR100451541B1 (en) * 2001-07-10 2004-10-08 (주)니트 젠 Method of providing user interface via web
WO2003012714A1 (en) * 2001-07-31 2003-02-13 Karen Elizabeth Courtney A security system for transactions
US8281129B1 (en) * 2001-08-29 2012-10-02 Nader Asghari-Kamrani Direct authentication system and method via trusted authenticators
US7356837B2 (en) * 2001-08-29 2008-04-08 Nader Asghari-Kamrani Centralized identification and authentication system and method
US7444676B1 (en) 2001-08-29 2008-10-28 Nader Asghari-Kamrani Direct authentication and authorization system and method for trusted network of financial institutions
US7779267B2 (en) 2001-09-04 2010-08-17 Hewlett-Packard Development Company, L.P. Method and apparatus for using a secret in a distributed computing system
KR20030022568A (en) * 2001-09-11 2003-03-17 김명현 Method and system for generating temporary identification and password and accessing web site by using the same
KR20010099413A (en) * 2001-09-26 2001-11-09 최문현 authentication device for PDA
JP3668175B2 (en) * 2001-10-24 2005-07-06 株式会社東芝 Personal authentication method, personal authentication device, and personal authentication system
JP4045777B2 (en) * 2001-10-30 2008-02-13 株式会社日立製作所 Information processing device
WO2003038702A1 (en) * 2001-10-31 2003-05-08 Takako Jogu Electronic settlement apparatus and method thereof
JP2003216037A (en) * 2001-11-16 2003-07-30 Yazaki Corp Cipher key, enciphering device, enciphering/deciphering device, cipher key management device, and deciphering device
US20030145203A1 (en) * 2002-01-30 2003-07-31 Yves Audebert System and method for performing mutual authentications between security tokens
US20030163694A1 (en) * 2002-02-25 2003-08-28 Chaing Chen Method and system to deliver authentication authority web services using non-reusable and non-reversible one-time identity codes
US7899753B1 (en) * 2002-03-25 2011-03-01 Jpmorgan Chase Bank, N.A Systems and methods for time variable financial authentication
ATE313130T1 (en) * 2002-03-25 2005-12-15 Tds Todos Data System Ab SYSTEM AND METHOD FOR USER AUTHENTICATION IN A DIGITAL COMMUNICATIONS SYSTEM
US7472423B2 (en) * 2002-03-27 2008-12-30 Tvworks, Llc Method and apparatus for anonymously tracking TV and internet usage
EP1504424B1 (en) * 2002-05-10 2008-09-10 Prism Technologies LLC An authentication token
GB0210692D0 (en) * 2002-05-10 2002-06-19 Assendon Ltd Smart card token for remote authentication
US7370350B1 (en) * 2002-06-27 2008-05-06 Cisco Technology, Inc. Method and apparatus for re-authenticating computing devices
US7885896B2 (en) 2002-07-09 2011-02-08 Avaya Inc. Method for authorizing a substitute software license server
US8041642B2 (en) 2002-07-10 2011-10-18 Avaya Inc. Predictive software license balancing
WO2004008711A2 (en) * 2002-07-15 2004-01-22 Nokia Corporation An ipv6 address ownership authentification based on zero-knowledge identification protocols or based on one time password
JP2004072214A (en) * 2002-08-02 2004-03-04 Sharp Corp Electronic seal, ic card, authentication system for personal identification, and mobile apparatus
US20040107170A1 (en) * 2002-08-08 2004-06-03 Fujitsu Limited Apparatuses for purchasing of goods and services
US7349871B2 (en) * 2002-08-08 2008-03-25 Fujitsu Limited Methods for purchasing of goods and services
US7822688B2 (en) * 2002-08-08 2010-10-26 Fujitsu Limited Wireless wallet
US7606560B2 (en) * 2002-08-08 2009-10-20 Fujitsu Limited Authentication services using mobile device
US7801826B2 (en) * 2002-08-08 2010-09-21 Fujitsu Limited Framework and system for purchasing of goods and services
US7353382B2 (en) * 2002-08-08 2008-04-01 Fujitsu Limited Security framework and protocol for universal pervasive transactions
US7784684B2 (en) * 2002-08-08 2010-08-31 Fujitsu Limited Wireless computer wallet for physical point of sale (POS) transactions
US7770212B2 (en) * 2002-08-15 2010-08-03 Activcard System and method for privilege delegation and control
US7216363B2 (en) * 2002-08-30 2007-05-08 Avaya Technology Corp. Licensing duplicated systems
US7228567B2 (en) * 2002-08-30 2007-06-05 Avaya Technology Corp. License file serial number tracking
US7698225B2 (en) * 2002-08-30 2010-04-13 Avaya Inc. License modes in call processing
US7966520B2 (en) * 2002-08-30 2011-06-21 Avaya Inc. Software licensing for spare processors
US7707116B2 (en) * 2002-08-30 2010-04-27 Avaya Inc. Flexible license file feature controls
US7681245B2 (en) * 2002-08-30 2010-03-16 Avaya Inc. Remote feature activator feature extraction
KR100477670B1 (en) * 2002-09-26 2005-03-18 삼성전자주식회사 Monitor for security using smart card and method thereof
US20040078339A1 (en) * 2002-10-22 2004-04-22 Goringe Christopher M. Priority based licensing
US7266838B2 (en) * 2002-10-31 2007-09-04 Hewlett-Packard Development Company, L.P. Secure resource
US7895443B2 (en) * 2002-11-05 2011-02-22 Safenet, Inc. Secure authentication using hardware token and computer fingerprint
KR20020092311A (en) * 2002-11-13 2002-12-11 톤스텝 주식회사 User authentication with a secret card embedded in a mobile unit
US20040103290A1 (en) * 2002-11-22 2004-05-27 Mankins David P. System and method for controlling the right to use an item
JP4256670B2 (en) * 2002-12-10 2009-04-22 富士通株式会社 Capacitor element, semiconductor device and manufacturing method thereof
US7890997B2 (en) * 2002-12-26 2011-02-15 Avaya Inc. Remote feature activation authentication file system
JP2006518140A (en) * 2003-01-31 2006-08-03 アクサルト・エス・アー Communication between smart card and server
US7260557B2 (en) * 2003-02-27 2007-08-21 Avaya Technology Corp. Method and apparatus for license distribution
SG121759A1 (en) * 2003-02-28 2006-05-26 Data Security Systems Solution A system and method for authenticating identities over remote channels
JP4536330B2 (en) * 2003-03-06 2010-09-01 ソニー株式会社 Data processing apparatus and method
US7190948B2 (en) * 2003-03-10 2007-03-13 Avaya Technology Corp. Authentication mechanism for telephony devices
US7373657B2 (en) * 2003-03-10 2008-05-13 Avaya Technology Corp. Method and apparatus for controlling data and software access
US20040181696A1 (en) * 2003-03-11 2004-09-16 Walker William T. Temporary password login
JP4300832B2 (en) * 2003-03-14 2009-07-22 ソニー株式会社 Data processing apparatus, method thereof and program thereof
JP2004302921A (en) * 2003-03-31 2004-10-28 Toshiba Corp Device authenticating apparatus using off-line information and device authenticating method
US7694330B2 (en) * 2003-05-23 2010-04-06 Industrial Technology Research Institute Personal authentication device and system and method thereof
JP2005011151A (en) * 2003-06-20 2005-01-13 Renesas Technology Corp Memory card
JP2005025337A (en) * 2003-06-30 2005-01-27 Sony Corp Appliance registration system, appliance registration server, appliance registration method, appliance registration program, storage medium and terminal appliance
US20050050330A1 (en) * 2003-08-27 2005-03-03 Leedor Agam Security token
JP2007506392A (en) * 2003-09-22 2007-03-15 イムプシス ディジタル セキュリティ アクチボラゲット Data communication security mechanisms and methods
WO2005059793A1 (en) * 2003-12-01 2005-06-30 Hyungmin Kim Electronic settlement system and method using serial number including identification of software, contents or electronic information, and computer-readable recording medium for recording program for performing the method
US8060745B2 (en) * 2003-12-16 2011-11-15 Seiko Epson Corporation Security for wireless transmission
JP4540353B2 (en) * 2004-01-23 2010-09-08 三菱電機株式会社 Authentication system and terminal device
US7877605B2 (en) * 2004-02-06 2011-01-25 Fujitsu Limited Opinion registering application for a universal pervasive transaction framework
US7353388B1 (en) 2004-02-09 2008-04-01 Avaya Technology Corp. Key server for securing IP telephony registration, control, and maintenance
JP4036838B2 (en) * 2004-03-12 2008-01-23 インターナショナル・ビジネス・マシーンズ・コーポレーション Security device, information processing device, method executed by security device, method executed by information processing device, program executable for executing the method, and ticket system
US7308250B2 (en) * 2004-03-16 2007-12-11 Broadcom Corporation Integration of secure identification logic into cell phone
US7539860B2 (en) * 2004-03-18 2009-05-26 American Express Travel Related Services Company, Inc. Single use user IDS
US7272500B1 (en) 2004-03-25 2007-09-18 Avaya Technology Corp. Global positioning system hardware key for software licenses
DE102005008258A1 (en) * 2004-04-07 2005-10-27 Giesecke & Devrient Gmbh Data carrier with TAN generator and display
FR2869486B1 (en) * 2004-04-21 2007-08-31 Oberthur Card Syst Sa SECURE DATA PROCESSING METHOD AND DEVICE THEREFOR
US7734929B2 (en) * 2004-04-30 2010-06-08 Hewlett-Packard Development Company, L.P. Authorization method
JP2005316856A (en) * 2004-04-30 2005-11-10 Toshiba Corp Information processor, starting method thereof, and starting program thereof
US7725926B1 (en) * 2004-08-23 2010-05-25 Hewlett-Packard Development Company, L.P. Authentication
JP2006067174A (en) * 2004-08-26 2006-03-09 Fujitsu Ltd Control program, communication relay device control method, and communication relay device and system
US7707405B1 (en) 2004-09-21 2010-04-27 Avaya Inc. Secure installation activation
US7965701B1 (en) 2004-09-30 2011-06-21 Avaya Inc. Method and system for secure communications with IP telephony appliance
US8229858B1 (en) 2004-09-30 2012-07-24 Avaya Inc. Generation of enterprise-wide licenses in a customer environment
US7747851B1 (en) 2004-09-30 2010-06-29 Avaya Inc. Certificate distribution via license files
KR20070050504A (en) * 2004-10-15 2007-05-15 베리사인 인코포레이티드 One time password
US7571489B2 (en) * 2004-10-20 2009-08-04 International Business Machines Corporation One time passcode system
US20060107067A1 (en) * 2004-11-15 2006-05-18 Max Safal Identification card with bio-sensor and user authentication method
WO2006066999A2 (en) * 2004-12-22 2006-06-29 International Business Machines Corporation Method, system and computer program product for handling data
GB2423175A (en) * 2005-02-15 2006-08-16 Paul Baker Payment system
US7549922B2 (en) * 2005-03-17 2009-06-23 Atronic International Gmbh Software security for gaming devices
CN100431384C (en) * 2005-04-12 2008-11-05 中国电信股份有限公司 Method for preventing PHS terminal from being parallel operated unauthorizedly
US8266441B2 (en) * 2005-04-22 2012-09-11 Bank Of America Corporation One-time password credit/debit card
US20070005963A1 (en) * 2005-06-29 2007-01-04 Intel Corporation Secured one time access code
US7748031B2 (en) * 2005-07-08 2010-06-29 Sandisk Corporation Mass storage device with automated credentials loading
CN101233469B (en) 2005-07-21 2013-06-05 克莱夫公司 Memory lock system
KR100752393B1 (en) * 2005-07-22 2007-08-28 주식회사 엘립시스 Token and method for personal authentication
US8181232B2 (en) * 2005-07-29 2012-05-15 Citicorp Development Center, Inc. Methods and systems for secure user authentication
FR2890201A1 (en) * 2005-08-31 2007-03-02 Proton World Internatinal Nv Digital data e.g. music files, storing method for e.g. digital floppy disk, involves encrypting digital data using symmetric algorithm with encryption key independent to recorder, and transferring key onto physical medium or microcircuit
US7814023B1 (en) 2005-09-08 2010-10-12 Avaya Inc. Secure download manager
KR100964036B1 (en) * 2005-09-09 2010-06-15 주식회사 에스원 Reader and rf card decoding method using the reader
NO324315B1 (en) * 2005-10-03 2007-09-24 Encap As Method and system for secure user authentication at personal data terminal
US8245292B2 (en) * 2005-11-16 2012-08-14 Broadcom Corporation Multi-factor authentication using a smartcard
ES2363165T3 (en) * 2005-12-01 2011-07-22 Vodafone Holding Gmbh GENERATION OF CUSTOMER IDENTITIES IN A COMMUNICATION SYSTEM.
US7904946B1 (en) 2005-12-09 2011-03-08 Citicorp Development Center, Inc. Methods and systems for secure user authentication
US9002750B1 (en) 2005-12-09 2015-04-07 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
US9768963B2 (en) 2005-12-09 2017-09-19 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
FR2895608B1 (en) * 2005-12-23 2008-03-21 Trusted Logic Sa METHOD FOR MAKING A SECURED COUNTER ON AN ON-BOARD COMPUTER SYSTEM HAVING A CHIP CARD
US8934865B2 (en) * 2006-02-02 2015-01-13 Alcatel Lucent Authentication and verification services for third party vendors using mobile devices
US8171542B2 (en) * 2006-02-13 2012-05-01 Honeywell International Inc. Advanced encryption standard to provide hardware key interface
FR2897488B1 (en) * 2006-02-16 2008-04-11 Digimedia Interactivite Soc Pa METHOD OF PUBLIC KEY CERTIFICATION BY A NON-ACCREDITED PROVIDER
US20070214364A1 (en) * 2006-03-07 2007-09-13 Roberts Nicole A Dual layer authentication system for securing user access to remote systems and associated methods
US9258124B2 (en) 2006-04-21 2016-02-09 Symantec Corporation Time and event based one time password
KR100645401B1 (en) * 2006-05-01 2006-11-15 주식회사 미래테크놀로지 Time sync type otp generation device in mobile phone and generation method
KR100734724B1 (en) 2006-05-03 2007-07-02 주식회사 신한은행 Mobile devices and program recording medium
KR100737173B1 (en) * 2006-05-09 2007-07-10 경북대학교 산학협력단 One time passwrod generator and the authentication apparatus using said one time password generator
US9769158B2 (en) * 2006-06-07 2017-09-19 Red Hat, Inc. Guided enrollment and login for token users
FR2902253B1 (en) * 2006-06-13 2009-04-03 Ingenico Sa METHOD AND DEVICE FOR AUTHENTICATING A USER
CN101101687B (en) * 2006-07-05 2010-09-01 山谷科技有限责任公司 Method, apparatus, server and system using biological character for identity authentication
US20080010453A1 (en) * 2006-07-06 2008-01-10 Laurence Hamid Method and apparatus for one time password access to portable credential entry and memory storage devices
JP2008015877A (en) * 2006-07-07 2008-01-24 Fujitsu Ltd Authentication system and method
DE102006034536A1 (en) * 2006-07-26 2008-01-31 Carl Zeiss Meditec Ag Method for generating access data for a medical device
DE102006034535A1 (en) * 2006-07-26 2008-01-31 Carl Zeiss Meditec Ag Method for generating a one-time access code
US8166532B2 (en) * 2006-10-10 2012-04-24 Honeywell International Inc. Decentralized access control framework
CN101554005A (en) 2006-10-11 2009-10-07 国际签证服务协会 Method and system for processing micropayment transactions
US10068220B2 (en) 2006-10-11 2018-09-04 Visa International Service Association Systems and methods for brokered authentication express seller links
US20100223184A1 (en) * 2006-10-11 2010-09-02 Visa International Service Association Sponsored Accounts For Computer-Implemented Payment System
US8050665B1 (en) 2006-10-20 2011-11-01 Avaya Inc. Alert reminder trigger by motion-detector
US9125144B1 (en) 2006-10-20 2015-09-01 Avaya Inc. Proximity-based feature activation based on programmable profile
US9251637B2 (en) 2006-11-15 2016-02-02 Bank Of America Corporation Method and apparatus for using at least a portion of a one-time password as a dynamic card verification value
JP2008158778A (en) * 2006-12-22 2008-07-10 Fujitsu Ltd Personal identification program, method, and system
US8615662B2 (en) * 2007-01-31 2013-12-24 Microsoft Corporation Password authentication via a one-time keyboard map
US8590024B2 (en) * 2007-02-01 2013-11-19 The Boeing Company Method for generating digital fingerprint using pseudo random number code
US7866551B2 (en) 2007-02-15 2011-01-11 Visa U.S.A. Inc. Dynamic payment device characteristics
GB2442249B (en) * 2007-02-20 2008-09-10 Cryptomathic As Authentication device and method
EP2034458A3 (en) 2007-03-09 2009-09-02 ActivIdentity, Inc. One-time passwords
US8002193B2 (en) 2007-03-12 2011-08-23 Visa U.S.A. Inc. Payment card dynamically receiving power from external source
US20080249947A1 (en) * 2007-04-09 2008-10-09 Potter Eric R Multi-factor authentication using a one time password
JP4973292B2 (en) * 2007-04-10 2012-07-11 大日本印刷株式会社 Authentication device, authentication program, authentication system, password generation device, portable security device, and password generation program
KR100914771B1 (en) * 2007-05-09 2009-09-01 주식회사 웰비아닷컴 System and method for security using one-time execution code
US20090037729A1 (en) * 2007-08-03 2009-02-05 Lawrence Smith Authentication factors with public-key infrastructure
US20090106826A1 (en) * 2007-10-19 2009-04-23 Daniel Palestrant Method and system for user authentication using event triggered authorization events
US20090172165A1 (en) * 2007-12-27 2009-07-02 Kabushiki Kaisha Toshiba Information Processing Apparatus and Information Processing System
US20090183246A1 (en) * 2008-01-15 2009-07-16 Authlogic Inc. Universal multi-factor authentication
JP5513410B2 (en) * 2008-01-18 2014-06-04 アイデントラスト, インコーポレイテッド Binding digital certificates to multiple trust domains
US20090220075A1 (en) * 2008-02-28 2009-09-03 Akros Techlabs, Llc Multifactor authentication system and methodology
US8321929B2 (en) * 2008-03-24 2012-11-27 Dell Products L.P. System and method for implementing a one time password at an information handling system
US20090319789A1 (en) * 2008-04-14 2009-12-24 Larry Wendell Wilson Encrypted portable medical history system
US10008067B2 (en) * 2008-06-16 2018-06-26 Visa U.S.A. Inc. System and method for authorizing financial transactions with online merchants
KR20100021818A (en) * 2008-08-18 2010-02-26 한국전자통신연구원 Method for authentication using one-time identification information and system
US7827108B2 (en) * 2008-11-21 2010-11-02 Visa U.S.A. Inc. System and method of validating a relationship between a user and a user account at a financial institution
US20100226526A1 (en) * 2008-12-31 2010-09-09 Modro Sierra K Mobile media, devices, and signaling
US20100174913A1 (en) * 2009-01-03 2010-07-08 Johnson Simon B Multi-factor authentication system for encryption key storage and method of operation therefor
US10289826B2 (en) * 2009-03-03 2019-05-14 Cybrsecurity Corporation Using hidden secrets and token devices to control access to secure systems
US20100241865A1 (en) * 2009-03-19 2010-09-23 Chunghwa Telecom Co., Ltd One-Time Password System Capable of Defending Against Phishing Attacks
US9715681B2 (en) 2009-04-28 2017-07-25 Visa International Service Association Verification of portable consumer devices
US8326759B2 (en) * 2009-04-28 2012-12-04 Visa International Service Association Verification of portable consumer devices
CA2665961C (en) * 2009-05-12 2013-01-22 Diversinet Corp. Method and system for delivering a command to a mobile device
US9105027B2 (en) 2009-05-15 2015-08-11 Visa International Service Association Verification of portable consumer device for secure services
US9038886B2 (en) 2009-05-15 2015-05-26 Visa International Service Association Verification of portable consumer devices
US8893967B2 (en) 2009-05-15 2014-11-25 Visa International Service Association Secure Communication of payment information to merchants using a verification token
US8602293B2 (en) 2009-05-15 2013-12-10 Visa International Service Association Integration of verification tokens with portable computing devices
US7891560B2 (en) 2009-05-15 2011-02-22 Visa International Service Association Verification of portable consumer devices
US10846683B2 (en) 2009-05-15 2020-11-24 Visa International Service Association Integration of verification tokens with mobile communication devices
US8534564B2 (en) 2009-05-15 2013-09-17 Ayman Hammad Integration of verification tokens with mobile communication devices
US8280788B2 (en) 2009-10-29 2012-10-02 Visa International Service Association Peer-to-peer and group financial management systems and methods
US20110106674A1 (en) * 2009-10-29 2011-05-05 Jeffrey William Perlman Optimizing Transaction Scenarios With Automated Decision Making
US8676639B2 (en) * 2009-10-29 2014-03-18 Visa International Service Association System and method for promotion processing and authorization
US8332325B2 (en) 2009-11-02 2012-12-11 Visa International Service Association Encryption switch processing
US10255591B2 (en) 2009-12-18 2019-04-09 Visa International Service Association Payment channel returning limited use proxy dynamic value
US8352312B2 (en) * 2010-02-12 2013-01-08 Es&S Innovations, Llc System and method for controlling actions taken on voting devices
WO2011121566A1 (en) * 2010-03-31 2011-10-06 Paytel Inc. A method for mutual authentication of a user and service provider
US8839415B2 (en) 2011-02-01 2014-09-16 Kingston Technology Corporation Blank smart card device issuance system
AU2012225684B2 (en) 2011-03-04 2016-11-10 Visa International Service Association Integration of payment capability into secure elements of computers
US9292840B1 (en) 2011-04-07 2016-03-22 Wells Fargo Bank, N.A. ATM customer messaging systems and methods
US9087428B1 (en) 2011-04-07 2015-07-21 Wells Fargo Bank, N.A. System and method for generating a customized user interface
US9589256B1 (en) 2011-04-07 2017-03-07 Wells Fargo Bank, N.A. Smart chaining
US9203617B2 (en) * 2011-08-17 2015-12-01 Vixs Systems, Inc. Secure provisioning of integrated circuits at various states of deployment, methods thereof
GB2495704B (en) 2011-10-12 2014-03-26 Technology Business Man Ltd ID Authentication
US10282724B2 (en) 2012-03-06 2019-05-07 Visa International Service Association Security system incorporating mobile device
JP5962354B2 (en) * 2012-09-06 2016-08-03 株式会社リコー Information processing apparatus, program, and system
CN103810431A (en) * 2012-11-15 2014-05-21 鸿富锦精密工业(深圳)有限公司 Password protection system and method
US9323909B1 (en) * 2012-12-07 2016-04-26 Emc Corporation Sharing a cryptographic device by partitioning challenge-response space
EP3019992B1 (en) * 2013-07-08 2020-04-29 Assa Abloy AB One-time-password generated on reader device using key read from personal security device
US9922322B2 (en) 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
CN105830107A (en) 2013-12-19 2016-08-03 维萨国际服务协会 Cloud-based transactions methods and systems
EP2924914A1 (en) * 2014-03-25 2015-09-30 Gemalto SA Method to manage a one time password key
US9332008B2 (en) * 2014-03-28 2016-05-03 Netiq Corporation Time-based one time password (TOTP) for network authentication
AU2015264124B2 (en) 2014-05-21 2019-05-09 Visa International Service Association Offline authentication
KR101812464B1 (en) * 2014-06-11 2018-01-30 주식회사 슈프리마 Creation and authentication of biometric information by using watermark
CN104038933A (en) * 2014-06-16 2014-09-10 彭卫 Encryption and authentication management method of mobile web
EP2963855A1 (en) * 2014-07-04 2016-01-06 Gemalto SA Synchronization method for synchronizing a peripheral function.
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US10255429B2 (en) 2014-10-03 2019-04-09 Wells Fargo Bank, N.A. Setting an authorization level at enrollment
US9473490B2 (en) * 2014-10-13 2016-10-18 Wells Fargo Bank, N.A. Bidirectional authentication
US10187363B2 (en) 2014-12-31 2019-01-22 Visa International Service Association Hybrid integration of software development kit with secure execution environment
CZ2015474A3 (en) * 2015-07-07 2017-02-08 Aducid S.R.O. The method of communication authentication of the authentication device and at least one authentication server using a local factor
US20170180360A1 (en) * 2015-12-22 2017-06-22 Centre For Development Of Advanced Computing (Cdac) System for securing user identity information and a device thereof
DE102016213189A1 (en) * 2016-07-19 2018-01-25 Thales Deutschland Gmbh Method for operating an automatic security system, device for deactivating a security measure of an automatic security system, and safety-critical system
US11895240B2 (en) * 2016-12-15 2024-02-06 Nec Corporation System, apparatus, method and program for preventing illegal distribution of an access token
US10387632B2 (en) 2017-05-17 2019-08-20 Bank Of America Corporation System for provisioning and allowing secure access to a virtual credential
US10574650B2 (en) 2017-05-17 2020-02-25 Bank Of America Corporation System for electronic authentication with live user determination
US10887090B2 (en) * 2017-09-22 2021-01-05 Nec Corporation Scalable byzantine fault-tolerant protocol with partial tee support
JP6828960B2 (en) * 2018-02-28 2021-02-10 Necプラットフォームズ株式会社 Communication devices, management servers, security systems, control methods and programs
JP7049933B2 (en) * 2018-06-11 2022-04-07 株式会社日立製作所 Jurisdiction management device and rights information management system
EP3828799A4 (en) * 2018-08-09 2022-06-08 SSenStone Inc. User authentication method and system using virtual authentication code
US11392933B2 (en) * 2019-07-03 2022-07-19 Capital One Services, Llc Systems and methods for providing online and hybridcard interactions
US11509738B2 (en) * 2019-07-18 2022-11-22 Dell Products L.P. System for migration of data from legacy computer system using wireless peer-to-peer connection

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4317957A (en) * 1980-03-10 1982-03-02 Marvin Sendrow System for authenticating users and devices in on-line transaction networks
JPH0762854B2 (en) * 1985-03-05 1995-07-05 カシオ計算機株式会社 IC card system
JPH0762862B2 (en) * 1985-09-17 1995-07-05 カシオ計算機株式会社 Authentication method in IC card system
JP2698588B2 (en) * 1987-11-13 1998-01-19 株式会社東芝 Portable electronic devices
JPH0378082A (en) * 1989-08-21 1991-04-03 Hitachi Ltd Reservation transaction processing method
JP2724008B2 (en) * 1989-12-01 1998-03-09 沖電気工業株式会社 Personal identification processing system and personal identification processing method
US5036461A (en) * 1990-05-16 1991-07-30 Elliott John C Two-way authentication system between user's smart card and issuer-specific plug-in application modules in multi-issued transaction device
FR2665279A1 (en) * 1990-07-24 1992-01-31 Aschenbroich Yves Process for protecting portable cards containing information in memory and device for its implementation
EP0504364B1 (en) * 1990-08-29 1997-10-15 Hughes Aircraft Company Distributed user authentication protocol
US5657388A (en) * 1993-05-25 1997-08-12 Security Dynamics Technologies, Inc. Method and apparatus for utilizing a token for resource access
US5224162A (en) * 1991-06-14 1993-06-29 Nippon Telegraph And Telephone Corporation Electronic cash system
EP0566811A1 (en) * 1992-04-23 1993-10-27 International Business Machines Corporation Authentication method and system with a smartcard
FR2705810B1 (en) * 1993-05-26 1995-06-30 Gemplus Card Int Chip card chip provided with a means of limiting the number of authentications.
JP3053527B2 (en) * 1993-07-30 2000-06-19 インターナショナル・ビジネス・マシーンズ・コーポレイション Method and apparatus for validating a password, method and apparatus for generating and preliminary validating a password, method and apparatus for controlling access to resources using an authentication code
EP0673178B1 (en) * 1994-03-17 2005-02-16 Kokusai Denshin Denwa Co., Ltd Authentication method for mobile communications
US5604803A (en) * 1994-06-03 1997-02-18 Sun Microsystems, Inc. Method and apparatus for secure remote authentication in a public network

Cited By (14)

Publication number Priority date Publication date Assignee Title
CN100343830C (en) * 1998-07-16 2007-10-17 索尼公司 Data storage equipment and data storage method
CN100352172C (en) * 2001-10-24 2007-11-28 中兴通讯股份有限公司 Method of implementing two kind hand set compatible right discrimination mode in personal hand set system
CN1417741B (en) * 2001-11-03 2011-05-11 李灵 Two-way enciphering magnetic card anti-fake method
US8966276B2 (en) 2003-09-12 2015-02-24 Emc Corporation System and method providing disconnected authentication
CN100432889C (en) * 2003-09-12 2008-11-12 Rsa安全公司 System and method providing disconnected authentication
WO2005041480A1 (en) * 2003-10-29 2005-05-06 Hui Lin A method of mail server landing security certification and ic card certification hardware
WO2005041481A1 (en) * 2003-10-29 2005-05-06 Hui Lin A method of internet clearance security certification and ic card certification hardware
CN1961523B (en) * 2004-02-23 2010-04-14 弗里塞恩公司 Token provision
CN101800637B (en) * 2004-02-23 2012-07-11 弗里塞恩公司 Token provisioning
CN101273378A (en) * 2005-08-11 2008-09-24 维萨国际服务协会 Method and system for performing two factor mutual authentication
CN101394411B (en) * 2008-11-12 2011-08-17 北京飞天诚信科技有限公司 Safe packet transmission system and method
CN102272768B (en) * 2009-01-05 2015-07-08 飞思卡尔半导体公司 Method, system and integrated circuit for enabling access to a memory element
CN103475463A (en) * 2013-08-19 2013-12-25 华为技术有限公司 Encryption realization method and apparatus
CN103475463B (en) * 2013-08-19 2017-04-05 华为技术有限公司 Encryption implementation method and device

Also Published As

Publication number Publication date
US6067621A (en) 2000-05-23
GB9721224D0 (en) 1997-12-03
GB2317983A (en) 1998-04-08
KR100213188B1 (en) 1999-08-02
DE19744106A1 (en) 1998-04-09
GB2317983B (en) 2000-06-28
JPH10171909A (en) 1998-06-26
FR2754411A1 (en) 1998-04-10
CN1197030C (en) 2005-04-13
FR2754411B1 (en) 2002-11-15
DE19744106B4 (en) 2007-11-29
KR19980025834A (en) 1998-07-15

Similar Documents

Publication Publication Date Title
CN1197030C (en) Apparatus for authenticating user and method therefor
US5657388A (en) Method and apparatus for utilizing a token for resource access
CN107925581B (en) Biometric authentication system and authentication server
CN1922845B (en) Token authentication system and method
CN100483994C (en) System, portable device and method for digital authenticating, crypting and signing by generating short-lived encrypted key
US6904526B1 (en) System and method of authenticating individuals
US20080201576A1 (en) Information Processing Server And Information Processing Method
US20020138769A1 (en) System and process for conducting authenticated transactions online
CN104321777B (en) Public identifier is generated to verify the personal method for carrying identification object
CN108900298B (en) Quantum cipher watermark-based private block chain honest node authentication access method
JP2005010826A (en) Authentication terminal device, biometrics information authentication system and biometrics information acquisition system
JP2002543668A (en) Highly Secure Biometric Authentication Using Public / Private Key Encryption Pairs
CN103679436A (en) Electronic contract security system and method based on biological information identification
CA2636453A1 (en) Multisystem biometric token
CA2273859A1 (en) Authenticating system with microcircuit card
CA2465227A1 (en) Method and apparatus for securely transmitting and authenticating biometric data over a network
WO2004061786A2 (en) Methods and apparatus for credential validation
EP3915221B1 (en) Offline interception-free interaction with a cryptocurrency network using a network-disabled device
JP2003134107A (en) System, method and program for individual authentication
CN103248629B (en) Identity registration system
Najera et al. Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents.
Hardjono et al. Applications of smartcards for anonymous and verifiable databases
Rubika et al. Execution of IoT System using Blockchain with Authentication and Data Protection
EP3491575A1 (en) Method and system for the authentic determination of the identity of an electronic document with itself at a later date or with a copy thereof
Costa et al. E-Services in Mission-Critical Organizations: Identification Enforcement.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20050413

Termination date: 20141005

EXPY Termination of patent right or utility model